Bug 1227636

Summary: VUL-0: kernel: User can crash any system with XHCI
Product: [Novell Products] SUSE Security Incidents
Reporter: Oliver Neukum <oneukum>
Component: General
Assignee: Security Team bot <security-team>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: meissner, oneukum
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1222317    

Description Oliver Neukum 2024-07-10 14:40:53 UTC
This one is from upstream:

commit 0d2daaded82565f807a4435d678343f437b8b848
Author: Alban Browaeys <alban.browaeys@gmail.com>
Date:   Tue Aug 16 10:18:04 2016 +0300

    xhci: really enqueue zero length TRBs.
    
    Enqueue the first TRB even if full_len is zero.
    Without this "adb install <apk>" freezes the system.
    
    Signed-off-by: Alban Browaeys <alban.browaeys@gmail.com>
    Fixes: 86065c2719a5 ("xhci: don't rely on precalculated value of needed trbs in the enqueue loop")
    Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

This one is unambiguously worth a CVE. It crashes a machine, needs no special hardware and needs no special privileges. The patch that introduces the vulnerability is needed to fix CVE-2024-26659 on SLE12-SP3-TD.
Comment 1 Marcus Meissner 2024-07-10 15:08:37 UTC
mailed cve@kernel.org for CVE
Comment 2 Marcus Meissner 2024-07-11 15:31:15 UTC
hmm. both fix and fixes are in 4.8, so it seems to have been fixed in the 4.8 release phase. (v4.8-rc3 is first tag with the fix)

Were there any releases of this bug without fixing commit?

Then it does not make sense to get a CVE
Comment 3 Oliver Neukum 2024-07-15 13:29:46 UTC
(In reply to Marcus Meissner from comment #2)
> hmm. both fix and fixes are in 4.8, so it seems to have been fixed in the
> 4.8 release phase. (v4.8-rc3 is first tag with the fix)
> 
> Were there any releases of this bug without fixing commit?
> 
> Then it does not make sense to get a CVE

It will be needed in SLE12-SP3-TD